Commit Graph

3581 Commits

Author SHA1 Message Date
Rusty Russell
8edac22595 hsm: don't require privkey for signing off on funding.
I made it privkey to prove we owned one key, but without the HSM checking
we have a valid sig for the first commitment transaction, and that
we haven't revealed the revocation secret key, why bother?

Signed-off-by: Rusty Russell <rusty@rustcorp.com.au>
2017-02-24 16:22:56 +10:30
Rusty Russell
edc30b12ea lightningd: --dev-debugger=<subdaemon>
Or for blackbox tests --gdb1=<subdaemon> / --gdb2=<subdaemon>.

This makes the subdaemon wait as soon as it's execed, so we can attach
the debugger.

Signed-off-by: Rusty Russell <rusty@rustcorp.com.au>
2017-02-24 16:22:56 +10:30
Rusty Russell
a72dd8d9de daemon/options: split option registration and parsing.
This allows us to add extra options before parsing.

Signed-off-by: Rusty Russell <rusty@rustcorp.com.au>
2017-02-24 16:22:56 +10:30
Rusty Russell
952722a8cf lightningd/gossip: Fix return from gossip.
We should check that the peer it says it's returning is under its control,
we need to take back the peer fd, and use the correct conversion routine
for the packet it sends us.

Signed-off-by: Rusty Russell <rusty@rustcorp.com.au>
2017-02-24 16:22:56 +10:30
Rusty Russell
7525ed787a lightningd/hsm: create a peer-seed for peer secrets.
For the moment this is simply handed through to lightningd for
generating the per-peer secrets; eventually the HSM should keep it and
all peer secret key operations would be done via HSM-ops.

Signed-off-by: Rusty Russell <rusty@rustcorp.com.au>
2017-02-24 16:22:56 +10:30
Rusty Russell
90737371d0 lightningd/cryptomsg: split raw crypto_state vs peer_crypto_state
Raw crypto_state is what we send across the wire: the peer one is for
use in async crypto io routines (peer_read_message/peer_write_message).

Signed-off-by: Rusty Russell <rusty@rustcorp.com.au>
2017-02-24 16:22:56 +10:30
Rusty Russell
6cf8a19881 lightningd/opening: receive details for remote config acceptance, not min/max.
The requirements for accepting the remote config are more complex than
a simple min/max value, as various parameters are related.  It turns
out that with a few assumptions, we can boil this down to:

1.  The valid feerate range.
2.  The minimum effective HTLC throughput we want
3.  The a maximum delay we'll accept for us to redeem.

Signed-off-by: Rusty Russell <rusty@rustcorp.com.au>
2017-02-24 16:22:56 +10:30
Rusty Russell
a8b9177e9e lightningd/opening: seed is a privkey not an sha256.
Signed-off-by: Rusty Russell <rusty@rustcorp.com.au>
2017-02-24 16:22:56 +10:30
Rusty Russell
b8472b65ba lightningd/build_utxos: don't lockin the UTXO reservation until confirmed.
Unless the transaction is confirmed, the UTXOs should be released if
something happens to the peer.

Signed-off-by: Rusty Russell <rusty@rustcorp.com.au>
2017-02-24 16:22:56 +10:30
Rusty Russell
be7c7b9732 lightningd/handshake: rename WIRE_BAD_COMMAND to WIRE_HANDSHAKE_BAD_COMMAND
So it doesn't clash with opening daemon, for example.

Signed-off-by: Rusty Russell <rusty@rustcorp.com.au>
2017-02-24 16:22:56 +10:30
Rusty Russell
b1403a764f lightningd/opening: use peer_failed to send PKT_ERR on problems.
Signed-off-by: Rusty Russell <rusty@rustcorp.com.au>
2017-02-24 16:22:55 +10:30
Rusty Russell
8b279b7c14 opening: remove unused opening_watch_funding_req/resp.
This is now part of the responses: starting the normal peer daemon
is done once the tx is buried.

Signed-off-by: Rusty Russell <rusty@rustcorp.com.au>
2017-02-24 16:22:55 +10:30
Rusty Russell
89af53267b lightningd/peer_failed: helper to send PKT_ERR and exit daemon.
Signed-off-by: Rusty Russell <rusty@rustcorp.com.au>
2017-02-24 16:22:55 +10:30
Rusty Russell
13ac472062 lightningd/crypto_sync: fix sync_crypto_write / sync_crypto_read
wire_sync_write() adds length, but we already have it, so use write_all.

sync_crypto_read() handed an on-stack buffer to cryptomsg_decrypt_header,
which expected a tal() pointer, so use the known length instead.

sync_crypto_read() also failed to read the tag; add that in (no
overflow possible as 16 is an int, len is a u16).

Signed-off-by: Rusty Russell <rusty@rustcorp.com.au>
2017-02-24 16:22:35 +10:30
Christian Decker
8912272983 gossip: Prevent normal messages to trigger the staggered broadcast
Only call `peer_dump_gossip` if the broadcast timer actually
expired. previously it could get triggered by any normal message.
2017-02-21 17:59:34 +01:00
Christian Decker
fccab6411d gossip: Add timer and normal queue for messages
The peer is woken up every 30 seconds to deliver the backlog of
messages. Additionally I added the normal message queue to be able to
send non-gossip message to the peer.
2017-02-21 17:59:34 +01:00
Christian Decker
83f51fe965 gossip: Add timer support to the io_loop 2017-02-21 17:59:34 +01:00
Christian Decker
597687d1f0 Fix CI build
Extraneous whitespace in cryptomsg.h
2017-02-21 17:56:35 +01:00
Rusty Russell
5475666b7e lightningd: simple wallet support.
This allows us to add funds via the P2SH-wrapped Segwit Transactions.

Signed-off-by: Rusty Russell <rusty@rustcorp.com.au>
2017-02-21 15:19:02 +10:30
Rusty Russell
065f11b42a lightningd/opening: opening daemon.
This conducts the conversation up until we have the txid to wait for
(or broadcast).

Signed-off-by: Rusty Russell <rusty@rustcorp.com.au>
2017-02-21 15:15:29 +10:30
Rusty Russell
e3f2d72d4d crypto_sync: synchronous routines for inter-peer crypto.
This is used by the opening daemon, for example.

Signed-off-by: Rusty Russell <rusty@rustcorp.com.au>
2017-02-21 15:15:29 +10:30
Rusty Russell
f66445c1d1 hsm: sign funding transactions.
The main daemon gives it to us to sign the inputs.

Signed-off-by: Rusty Russell <rusty@rustcorp.com.au>
2017-02-21 15:15:29 +10:30
Rusty Russell
891a915e0f hsm: return BIP32 public seed on initialization.
Signed-off-by: Rusty Russell <rusty@rustcorp.com.au>
2017-02-21 15:15:29 +10:30
Rusty Russell
fddb38126d utxo: wire support for unspent transactions.
Signed-off-by: Rusty Russell <rusty@rustcorp.com.au>
2017-02-21 15:15:29 +10:30
Rusty Russell
19f3b68d28 hsm: remove shutdown command.
We don't use it, and should shutdown when control fd goes away anyway.

Signed-off-by: Rusty Russell <rusty@rustcorp.com.au>
2017-02-21 15:15:29 +10:30
Rusty Russell
ac1890136c hsm: rename the hsmctl_hsmfd_ecdh_response to hsmctl_hsmfd_fd_response
We want to use it for other HSM fd requests.

Signed-off-by: Rusty Russell <rusty@rustcorp.com.au>
2017-02-21 15:15:29 +10:30
Rusty Russell
08e95d59b5 permute_tx: generic pointer map.
Turns out we want to permute transactions for the wallet too, so we
use void ** rather than assume we're shuffling htlc ** (and do inputs,
too!).

Signed-off-by: Rusty Russell <rusty@rustcorp.com.au>
2017-02-21 15:15:29 +10:30
Rusty Russell
b431443266 hsm: BIP32 seed for bitcoin keys.
Signed-off-by: Rusty Russell <rusty@rustcorp.com.au>
2017-02-21 15:15:28 +10:30
Rusty Russell
4a7418e3db channel: object to track channel state.
This object is basically the embodyment of BOLT #2.  Each HTLC already
knows its own state; this moves them between states and keeps them
consistent.

Signed-off-by: Rusty Russell <rusty@rustcorp.com.au>
2017-02-21 15:15:28 +10:30
Rusty Russell
ec4db39a8e commit_tx: print HTLC id not amount when making test vectors.
For our test vectors there are two HTLCs with the same amount; this
is clearer.

Signed-off-by: Rusty Russell <rusty@rustcorp.com.au>
2017-02-21 15:15:28 +10:30
Rusty Russell
9284819f68 commit_tx: expose more internal functions.
without having to build it, which is needed for limit enforcement.

Signed-off-by: Rusty Russell <rusty@rustcorp.com.au>
2017-02-21 15:15:28 +10:30
Rusty Russell
e8e96e67d0 commit_tx: make interface side-agnostic.
It's currently written to produce "local" commit-txs, but of course we
need to produce remote ones too, for signing.

Thus instead of using "remote" and "local" we use "other" and "self",
and indicate with a single "side" flag which we're generating (because
that changes how HTLCs are interpreted).

This also adds to the tests: generate the remote view of the commit_tx
and make sure it matches!

Signed-off-by: Rusty Russell <rusty@rustcorp.com.au>
2017-02-21 15:15:28 +10:30
Rusty Russell
068cdc825f htlc_tx: fix fee for HTLC-timeout tx.
Reported-by: Fabrice Drouin <fabrice.drouin@acinq.fr>
Signed-off-by: Rusty Russell <rusty@rustcorp.com.au>
2017-02-21 15:15:28 +10:30
Rusty Russell
726e7226c4 commit_tx: update HTLC-tx fees to match latest BOLT.
As per lightning-rfc BOLT #3 ec99f893f320e8c88f564c1c8566f3454f0f1f5f:
"fixed htlc weight calculation"

Reported-by: Fabrice Drouin <fabrice.drouin@acinq.fr>
Signed-off-by: Rusty Russell <rusty@rustcorp.com.au>
2017-02-21 15:15:28 +10:30
Rusty Russell
35909ba94a cryptomsg: wording fix with update to latest BOLT.
Signed-off-by: Rusty Russell <rusty@rustcorp.com.au>
2017-02-21 15:15:28 +10:30
Rusty Russell
f7cc079221 test/run-commit_tx: Fix derivation of BOLT #3 test vectors.
We were using the remote per_commitment_point instead of the local
per_commitment_point to generate the remotekey for the local transaction.

Signed-off-by: Rusty Russell <rusty@rustcorp.com.au>
2017-02-21 15:15:28 +10:30
Rusty Russell
20a07d860a check-source: include tests, libdir.
And fix the resulting issues.

Signed-off-by: Rusty Russell <rusty@rustcorp.com.au>
2017-02-21 15:15:28 +10:30
Rusty Russell
9fd40da38c generate-wire: don't hand unknown structures specially.
It's awkward to handle them differently.  But this change means we
need to expose them to the generated code.

Signed-off-by: Rusty Russell <rusty@rustcorp.com.au>
2017-02-21 15:15:19 +10:30
Rusty Russell
66d122684d lightningd/test/run-commit_tx: Creation of BOLT 3 test vectors.
Signed-off-by: Rusty Russell <rusty@rustcorp.com.au>
2017-02-07 12:14:22 +10:30
Rusty Russell
0fe53cc8e7 permute_tx: reintroduce permute map.
We used to have a permutation map; this reintroduces a variant which
uses the htlc pointers directly.

We need this because we have to send the htlc-tx signatures in output
order as part of the protocol: without two-stage HTLCs we only needed
to wire them up in the unilateral spend case so we simply brute-forced
the ordering.

Signed-off-by: Rusty Russell <rusty@rustcorp.com.au>
2017-02-07 12:14:22 +10:30
Rusty Russell
e11d9304ab lightningd/hbtlc_tx: creation of BOLT 3 htlc transactions.
Signed-off-by: Rusty Russell <rusty@rustcorp.com.au>
2017-02-07 12:14:22 +10:30
Rusty Russell
f9189254e4 lightningd/commit_tx: creation of BOLT 3 commitment transaction.
Signed-off-by: Rusty Russell <rusty@rustcorp.com.au>
2017-02-07 12:14:22 +10:30
Rusty Russell
b290a96a4a lightningd: use daemon/htlc_state.c
We're about to need HTLC handling.

Signed-off-by: Rusty Russell <rusty@rustcorp.com.au>
2017-02-07 12:14:22 +10:30
Rusty Russell
be46fdf254 lightningd/funding_tx.c: helper to create a funding transaction (with change).
Signed-off-by: Rusty Russell <rusty@rustcorp.com.au>
2017-02-07 12:14:21 +10:30
Rusty Russell
75c6dd1981 channel_config: convenient structure for handling open/accept config info.
Signed-off-by: Rusty Russell <rusty@rustcorp.com.au>
2017-02-07 12:14:21 +10:30
Rusty Russell
dc3b27e1d3 key_derive: key derivation from basepoints as specified in BOLT 3
Signed-off-by: Rusty Russell <rusty@rustcorp.com.au>
2017-02-07 12:14:21 +10:30
Rusty Russell
4ed259c46c gen_peer_wire_csv: update for latest spec.
We have a separate announcement_signatures message now.

Signed-off-by: Rusty Russell <rusty@rustcorp.com.au>
2017-02-07 12:14:14 +10:30
Christian Decker
fb814a7a9e gossip: Adding announcement handling to the gossip subdaemon.
We now have all the pieces to wire in the handling functionality to
the new gossip subdaemon.
2017-02-03 05:52:11 +10:30
Christian Decker
76e2c980e1 gossip: Moving to intmap-based broadcast for the legacy daemon
Moved the broadcast functionality to broadcast.[ch]. So far this
includes only the enqueuing side of broadcasts, the dequeuing and
actual push to the peer is daemon dependent. This also adds the
broadcast_state to the routing_state and the last broadcast index to
the peer for the legacy daemon.
2017-02-03 05:52:11 +10:30
Christian Decker
3cb576d69d refactor: Moving gossip/routing specific state into its own struct
This used to be part of `lightningd_state` which is being split up for
the various subdaemons. The main change is the addition of the `struct
routing_state` in `routing.h` and the addition of `rstate` in `struct
lightningd_state` for backwards compatibility.
2017-02-03 05:52:11 +10:30
Rusty Russell
a600b1a30f handshake: hand in client fd on exec instead of gratuitous fd passing.
Signed-off-by: Rusty Russell <rusty@rustcorp.com.au>
2017-02-02 14:48:00 +10:30
Rusty Russell
13a30ff79c subdaemon: close unused fds when creating subdaemon.
Signed-off-by: Rusty Russell <rusty@rustcorp.com.au>
2017-02-02 14:48:00 +10:30
Rusty Russell
2f9b04b0d9 subdaemon: start fds at 3 not 4.
Signed-off-by: Rusty Russell <rusty@rustcorp.com.au>
2017-02-02 14:48:00 +10:30
Rusty Russell
f9eea9041e handshake: update for BOLT 8 latest revision.
This now matches commit fc4846a27bf420c591ba0b024cc34972816913c7,
and fixes "make check-source".

Signed-off-by: Rusty Russell <rusty@rustcorp.com.au>
2017-02-02 14:48:00 +10:30
Rusty Russell
a02f1e10c4 make check: run all the tests.
We can't run them in parallel, but we can at least have 'make check'
run them all.

Developers should be running "make check-source && make check".

Signed-off-by: Rusty Russell <rusty@rustcorp.com.au>
2017-02-02 14:48:00 +10:30
Rusty Russell
6bf3c30a10 lightningd/Makefile: fix check-source
Signed-off-by: Rusty Russell <rusty@rustcorp.com.au>
2017-01-13 10:51:57 +10:30
Christian Decker
b41d71da30 Makefile: Making sure header vars are populated correctly
The problem with wire headers not being generated in time before stuff
depended on it turns out to be related with inclusion order of
sub-makefiles. The inclusions must preceed the use of
LIGHTNINGD_HEADERS since they append to that variable.
2017-01-13 10:50:07 +10:30
Rusty Russell
33748bf119 lightningd/Makefile: combine all headers (wire/gen was missing)
Signed-off-by: Rusty Russell <rusty@rustcorp.com.au>
2017-01-11 10:15:27 +10:30
Rusty Russell
73d07ce441 libsodium: use our local submodule.
Signed-off-by: Rusty Russell <rusty@rustcorp.com.au>
2017-01-11 10:04:26 +10:30
Rusty Russell
3af081aded Makefile: make all lightningd objects depend on all lightningd headers.
Christian reported that we weren't generating some gen_ files.

Signed-off-by: Rusty Russell <rusty@rustcorp.com.au>
2017-01-11 09:16:29 +10:30
Rusty Russell
1e34e5344d lightningd/lightningd: add getpeers command.
This has an optional log level if you want to see logs for the peers.

Signed-off-by: Rusty Russell <rusty@rustcorp.com.au>
2017-01-10 15:38:34 +10:30
Rusty Russell
dc8b174e3a lightningd/lightningd: maintain a per-peer log.
At the moment we just log each condition change.

Signed-off-by: Rusty Russell <rusty@rustcorp.com.au>
2017-01-10 15:38:33 +10:30
Rusty Russell
83b156517f lightningd/lightningd: maintain "condition" for each peer.
This lets us return better messages to the connect json command on failure.

Signed-off-by: Rusty Russell <rusty@rustcorp.com.au>
2017-01-10 15:38:33 +10:30
Rusty Russell
7aaffda779 lightningd/lightningd: finish connect command once gossip started.
This is after the INIT message is received, so we know there are no
incompatible features.

Signed-off-by: Rusty Russell <rusty@rustcorp.com.au>
2017-01-10 15:38:33 +10:30
Rusty Russell
c536616bee lightningd/lightningd: wire up lightningd_gossip.
Now we hand peers off to the gossip daemon, to do the INIT handshake and
re-transmit/receive gossip.  They may stay there forever if neither we nor
them wants to open a channel.

Signed-off-by: Rusty Russell <rusty@rustcorp.com.au>
2017-01-10 15:38:33 +10:30
Rusty Russell
1800e84db7 subdaemon: callback to handle subdaemon status updates.
It's a bit messy, since some status messages are accompanied by an FD:
in this case, the handler returns STATUS_NEED_FD and we read that then
re-call the handler.

Signed-off-by: Rusty Russell <rusty@rustcorp.com.au>
2017-01-10 15:38:33 +10:30
Rusty Russell
21a5c62ead lightningd_gossip: daemon to look after peers which don't a channel (yet)
Signed-off-by: Rusty Russell <rusty@rustcorp.com.au>
2017-01-10 15:38:33 +10:30
Rusty Russell
03758af4e1 lightningd/lightningd: create unique ID for each peer.
This distinguishes them before they have an ID, and also if the daemon
doesn't know the ID.

Signed-off-by: Rusty Russell <rusty@rustcorp.com.au>
2017-01-10 15:38:33 +10:30
Rusty Russell
bf118f1b86 lightningd/lightningd: add connect command.
Unlike the old daemon, this just connects; a separate command will be needed
to create a channel.

Signed-off-by: Rusty Russell <rusty@rustcorp.com.au>
2017-01-10 15:38:33 +10:30
Rusty Russell
211491f4d7 lightningd/lightningd: add lightning_handshake.
Now we do crypto handshake when peer comes in.

Signed-off-by: Rusty Russell <rusty@rustcorp.com.au>
2017-01-10 15:38:33 +10:30
Rusty Russell
78841456e0 lightningd/handshake: test handshake, produce BOLT 8 test vectors.
Signed-off-by: Rusty Russell <rusty@rustcorp.com.au>
2017-01-10 15:38:33 +10:30
Rusty Russell
32e1b5bb06 lightningd/handshake: simple daemon to do BOLT 8 crypto handshake.
Signed-off-by: Rusty Russell <rusty@rustcorp.com.au>
2017-01-10 15:38:33 +10:30
Rusty Russell
6f5fed17d8 lightningd/test: simple black-box tests.
These use the same infrastructure as the daemon/test blackbox tests,
so they're not currently wired into make check; use make
"lightningd-blackbox-tests".
2017-01-10 15:38:33 +10:30
Rusty Russell
0444d68197 lightningd/lightningd: add rpc interface.
daemon/lightning-cli works with this.

Signed-off-by: Rusty Russell <rusty@rustcorp.com.au>
2017-01-10 15:38:33 +10:30
Rusty Russell
542e6844f7 lightningd/lightningd: start HSM at initialization time.
Signed-off-by: Rusty Russell <rusty@rustcorp.com.au>
2017-01-10 15:38:33 +10:30
Rusty Russell
10b8dc5950 lightningd/hsm: simple daemon to control the keys.
This provides APIs to access the keys.

Signed-off-by: Rusty Russell <rusty@rustcorp.com.au>
2017-01-10 15:38:33 +10:30
Rusty Russell
6a089ce112 cryptomsg: add towire/fromwire for crypto state.
Signed-off-by: Rusty Russell <rusty@rustcorp.com.au>
2017-01-10 15:38:33 +10:30
Rusty Russell
89a06734c4 lightningd/cryptomsg: test routines.
This creates output similar to the BOLT #8 test vectors.

Signed-off-by: Rusty Russell <rusty@rustcorp.com.au>
2017-01-10 15:38:33 +10:30
Rusty Russell
a7f682c66e lightningd/cryptomsg: routines to encrypt on the wire.
After the handshake, it's a simple matter of AEAD and key rotation.

Signed-off-by: Rusty Russell <rusty@rustcorp.com.au>
2017-01-10 15:38:33 +10:30
Rusty Russell
faebb87d01 lightningd/subdaemon: routines to create daemons and get request/response.
Signed-off-by: Rusty Russell <rusty@rustcorp.com.au>
2017-01-10 15:38:33 +10:30
Rusty Russell
8bf33c7839 lightningd/lightningd: daemon for controlling the other daemons.
Signed-off-by: Rusty Russell <rusty@rustcorp.com.au>
2017-01-10 15:37:51 +10:30